Curved from both sides, a little bit lumpy and a little bit smooth

the day before you both came out from under my heart.

And when you came, carefully birthed from the cut in my

stomach, I really couldn’t comprehend where

these two beautiful children

had come from.

Such beautiful twins, they said, such a good size.

So healthy, they said, so wonderful.

We just looked at you

and our hearts delighted.

Now you grow, grow, change every day

into curious, happy, wondering little people.

I carry you both now, tucked against me, curled against my back, my front.

Tiny little sighs puff against my neck, a cheek rests on my breasts.

I sometimes look at you and think, Can this be real?

Are you mine, ours? Are we yours?

Rounded from both sides, a little bit lumpy and a little bit smooth

this day as I wonder at my body.

Each stretch, each tear, each kick I felt as you pressed against

my skin

from the inside out.

This time last year we had just found out you were

inside me. Your hearts started to beat the day after Christmas.

This year, you are here.

Yes, you are here.

Hunting Friday night and this morning, I saw a decent amount of deer movement. The cool temperatures seemed to help, but overall I didn’t notice a drastic amount of improvement than a few weeks ago.

The deer are definitely tuned in to their surroundings much more as gun season in Ohio wraps up.

Friday, I tweeted from the tree and had plenty of deer coming my direction, until they caught my drift and scooted out rather rudely.

I decided to give the Buck Roar call from Primos a try after they cleared out of sight. I still had a decent amount of daylight left. The wheeze and grunt combination seemed to do the trick.

No more than a minute after the others disappeared, this little spike or three point (hard to tell) came charging through.

What’s interesting to note is the hair scalped above his front shoulders. I have three guesses as to what caused this. First, he may have been shot at. Second, as deer crawl underneath fences, he may have gotten caught. A final scenerio is he was beat up brawling another buck.

My guess was that it was a scare attained from a fence. The wide pattern over the shoulder looks to broad to reflect a bullet or arrow wound. The chances that this deer was fighting is slim, and a fighting mark probably would have looked less uniform.

But who knows.

Today, I saw a small buck 200 yards away chasing a doe. I once again snorted and wheezed. It stopped the buck and he wanted to investigate. He stood motionless for a solid 10 minutes. He stared hard up my way before before the doe he chased off came back to him. They walked away together the direction they originally came from.

I’ll be back mid-week or so.

Snortie repeating me, on Nov 22 (make sure to watch it all, as there is a surprise ending!):

Have you ever said, ‘Let’s just burp you, honey, and then we’ll clean the blood off your sister’? For your sake, I hope not. How to replicate my morning in a few easy steps:

1. After feeding your daughter, decide to cut her nails while she’s awake. Accidentally cut out a pretty decent hunk of skin from her thumb. Bleeding ensues.

2. Blood is on her face, her clothes, her hand, your hands, your clothes, the muslin. Comfort her. She will throw up because she is crying so hard.  Once she stops crying, keep repeating, ‘Why is this STILL bleeding?’ over and over again.

3. Tune in to the fact that your son is wailing. Look between them, then place her in the bouncy chair, encouraging her to continue to hold the muslin.

4. Feed him. He refuses to burp. Look at her.  Blood is pooling. Her hand looks like it’s been dipped in red paint. She is smiling, smiling, smiling. She is bleeding, bleeding, bleeding.

5. Pick her back up, lay her flat on her back, elevate her hand and apply pressure to the avulsion. When she bleeds through two layers of muslin, add another layer. Take pictures because you will want to blog about this, even though you know you will be too impatient to upload pictures before writing.

6. Look at him while he scratches the holy FUCK out of his face because you haven’t creamed or steroided him, due to the aforementioned bleeding.

7. He looks at you while, yes, he shits his pants. And the chair. And everywhere. Tell him he’s going to have to sit in his shit because blood takes priority.

8. Your daughter falls asleep. The bleeding slows. Take some more pictures.

9. Get back on the horse and cut the rest of her nails, including touching up The Bad Thumb because you not only cut the tip of her thumb off, you cut the nail into a point.

10. BONUS. You son shits some more. If you had changed him before, he would have pooped on YOU while his diaper was off! Score!

11. Finish her nails. Put her down. This is important because he is falling asleep.

12. Pick him up. Go to change him. You’ll need to start cleaning the poop off him before his clothes are even off, that’s how much shit there is.

13. When he is clean and perfect again, go to dry him with the cotton balls. Because he is your lovely boy, boop his nose with the clean cotton and then swirl it on his tummy like he likes. Oops. He’s peeing. Everywhere.

14. Laugh. Crack up. Clean the pee.

15. As you go to put a fresh diaper on, you realise he is SOAKED in pee from the nape of his neck down. Say, ‘Oh, Snooooooooooooooooort.’  Put him in a sitting position and use the muslin (not the bloody one your daughter still has in the other room, a clean one) to wipe off the pee from his back and head. Wipe the changing mat with it. Debate washing him, then realise it’ll make the eczema worse – and you didn’t even know he had it on his back.

16. Take this opportunity to smear cream on his back. Bonus! He burps from being upright!

17. Put him on the lounge floor and begin creaming him. Realise you have not washed your bloody, pee and poop soaked hands. Don’t go near his face.

18. There are no clean 3-6 rompers. Put him in a 0-3 with no feet, MAKE it fit him. Look at her hand.

19. Oops! It’s merrily bleeding again. (Did I forget to mention you have already cleaned blood off her face and fingers? Because you’ll need to do it again here.)

20. Leave him on the floor. Apply pressure to her thumb. Look at him as he scratches his face some more.

21. Go apply some steroids to the side of his face that is available, as he is sleeping on the left side of his fucked up flat head again.

22. Apply some more pressure to her.

23. Go to this blog to write about this. She will puke again while you are on number 17. Look at her outfit. She has now bled through the sleeve that is pulled over her hand in about 7 places. Jesus. In fact, the bleeding looks pretty bad now. And it’s been two hours since you cut her.

24. Stop writing.

Turns out Freud was right: you can blame everything on your mother.

Last night I was in the bathroom and called out to TMD. ‘Can you come in here and look at something?’

‘Is it your poop?’ she asked, a tired note in her voice.

‘Nope.’ I stood up, turned around, bent over.

‘Your piles?’

‘No. Look.’  I pointed to the backs of my knees. Sure enough – red patches, itchiness, hard skin.  ‘I’ve got fucking eczema.’

I stood up again.  We looked at each other. Her eyes widened.

‘Of course you’ve got fucking eczema! You’ve never had to work a day in your life before the babies came. And now you are washing your hands fifty times a day.’

(It’s true. In between my fingers have gone bright red, extremely itchy, and leathery dry.)

Like a detective, I stepped closer to her and almost got into a two woman huddle.  ‘You’re right. And how fucking itchy my legs have been?  I’ve been taking a bath like every night, and you aren’t supposed to use hot water or soak in long baths with eczema.’  I said, then  turned to run the bath water. Eczema or not, my ass is having my nightly escape from parenthood with hot water and a good read.

‘You remember the “alligator skin” you sometimes get on either side of your nose? Eczema.’  She ticked things off with on her fingers.  ‘And the clown lips you got as a child? Eczema. Fucking hell, Existere.’

I nodded slowly.  ‘And the bumps I got all over my ankles during and after pregnancy? And – oh my god – THAT FUCKING RED SCALY BEARD THING I got in the first trimester?’

We paused, then said together, ‘Eczema.’

For about a week now I’ve been half seriously considering contacting the clinic and saying, ‘I think you should know that one of your sperm donors is creating very itchy babies, and you might want to warn people about this shit.’  TMD now pointed out that she was considering calling the clinic to apologize to the lady who got pregnant with my egg, as I was apparently the cause of the itchy baby shit going around town.

Wow, right?

I’ve never ever had dry skin. I am an oily motherfucker. But it is true, a few times in childhood the sides of my lips got red and thickened and sort of extended my lips, making me look like Jack Nicholson as The Joker. And I do get alligator skin on my face regularly. It just never occured to me that it was eczema.

Um.

Sorry, Snort my boy. (At least with family history perhaps he’s not allergic to shit. I slathered his face and neck in cream constantly – literally constantly – yesterday, and it is looking better. Today I’m not going to put a vest on him, just keep him in his romper babygrow thing, so I can keep unsnapping and coating his chest and tummy as well.)

And, for the record? I tried cream #4 on the backs of my knees, in between my fingers, and in a certain other crack where I developed bad dry skin during the final trimester of pregnancy, and that shit STINGS. Bad. Hardcore. I guess he got his aversion to quality skin care treatments from me as well.

There are a lot of things I could write about at this point, but only one topic has really been on our minds every day…and now, nights, too. Snort’s eczema. The second we stop using steroids (okay, a day or so after) it flares up again.

Yesterday I tried the cream I’d been saving, my big hitter. It is from Country A, so I superstitiously believed that would somehow make it more healing, more effective, more…um….good. After six hours of using that cream, he looked like he’s been sunbathing in hell. Every single part of his face was a flaming red. The skin had thickened, those dreaded bumps that ooze were everywhere, and it was all hot to the touch. Back to cream #3, and thank god he’s going to the doctor this afternoon.

Last night he refused to sleep. He would scream and scream unless being held, and of course rubbing and scratching his face. TMD ended up sleeping sitting upright on the couch while holding him. Poor chuck.

And his sister? She’s got a few teeny tiny patches of eczema. Thank god she isn’t the one with this, because while his skin may make him look like a stunt double in a horror flick, hers is actually more sensitive. I put a dab of cream #3 on my finger today and swiped it across her dry patch, ending on her cheek. She immediately screamed like I had plunged a knife into her stomach. She squeezed her eyes shut, kept screaming, wouldn’t be comforted. Then I saw it: a perfect, single finger swipe of deep, angry pink/purple on her cheek.  Her instant reaction to the cream has gone down now, but lesson learned.

TMD cancelled Coconut’s doctor appointment today because most of her tummy rash and other things had gone away. Snort is still, well, Snort. The eczema is on face (including eyelids!), neck, scalp, chest, tummy, arms, legs, even the his ankle creases. Nowhere is as angry or terrible as his face, though.

At first I think it bothered me more than him, because it just looked so sore and, well, ugly. But now he spends all of his awake time rubbing and scratching. I have put cream #3 on so heavily that it is a white spread of stuff on his face (think: cream cheese). The second it soaks in, I reapply so it is thick and white again.  TMD did this constantly overnight, and his forehead is looking better.

I know the doctor is going to give us more steroids. I don’t want to use them on his face. If it would calm this massive flare up, and then the eczema would be manageable with some cream, fine. Fact is, we haven’t found our magic cream yet. I spent hours last night online, looking at very expensive organic and homeopathic shit we would have to import. I don’t mind paying for it if it will help, but jesus is it a lot of money to spend when chances are it won’t. Argh. We also have no idea what is triggering this, though I am wondering about dairy as cream #4 apparently has milk protein in it.

I suppose the good news is that this has all sparked my Buddhist practice again, and I’ve been doing gongyo in the morning with the babies, and we did it as a family last night.

ANYONE with any cream recommendations specific to babies and eczema, let me know. Sorry this is a dull subject to read, and congrats if you got this far. I am just so worried about him, and last night I was crying and feeling guilty because everything got so much worse after I applied the cream I just HAD to use.

So, you thought I was ‘just’ a counsellor. You thought wrong, biotches. Oh, didn’t you know? I went to Get A Degree Overnight University and am now a registered pediatrician.

Yeah. Because there are no appointments until next Tuesday, even for 15 week old babies with eczema and fucked up rashes. WHO NEEDS CONVENTIONAL DOCTORS?? Not when I can do my own home visits, natch.

Smear some barrier cream on those tummies. If it works for their ass/willy/hoo-hah IT WILL WORK ON THEIR SKIN. Yeah. Rub it in. Rub it in real good.

Oh, her cheek looking bright red? Her forehead still have that vulcan ridge of thick dry skin? Well…..FUCK IT! Your wife will go to the chemist on the way home from work and buy all the cream that yourself, in consultation with Dr. Google, has decided she should be prescribed.

Slap some steroids on his face. Oh, sure, they thin the skin, but what the fuck, right? I mean, his face immediately flares back up into eczema the second you stop using the steroids, no matter that you are smearing him in thick layers of gasoline-smelling cream every hour. And he woke up this morning with broken, scaly skin that may or may not start oozing? STEROIDS.

So. We’ve got a combination of the ass cream, some mild topical steroids, hardcore expensive creams, no doctors appointments for miles around.

Dr. Existere will fix this shit, she’ll fix it reeeeeal good. When TMD brings the new creams and bath solutions home – because the bath shit prescribed last week has caused red bumps and braille messages to appear on two tummies – we will see which one works and then I will tell the doctor what he/she should be prescribing us. Because who needs respect for the medical profession?

Not when you’ve got two babies who apparently were born with such delicate, sensitive skin that unless you are using cream made of pure gold, it will not be good enough for them.

I WILL FIX IT.

You shit your pants, getting poop everywhere? Yes, it took me twenty minutes to clean you, and I just now remembered that I left shit smeared on the changing mat, a shit covered outfit thrown on our nice new neutral coloured carpet, piles of shit soaked cotton balls on the nice wood changing table. Who cares? The poop is mostly off your skin, and hell, let’s just slap a lot of cream on your cootch JUST IN CASE. Barrier creams can solve anything, can’t they? They work on Mommy’s pimples, they will work on your cootch that is rubbed raw from all the shit everywhere. MOMMY FIX IT, YO.

She fix everything. No questions. No lack of confidence.

You refuse to burp? Well, fuck a doodle doo, I’ll just throw a bib on you until you fall asleep in an upright position, and then rip it off once you are asleep. You will wake up in an hour and throw up, but shit, dawg, we need to air out your paper-thin neck skin covered in that ugly, ugly rash. FIXED IT.

And you, little girl? Overnight nothing fits you? And there are no clean big girl or big boy outfits? No clean scratch mitts for him? Eh, fuck it, yo. I’ll just smell these scratch mitts that I found on the floor to see if they smell like gasoline cream, because if not it’s probably okay for him to suck on them. I’ll do laundry, MOMMA FIX IT.

Oh? Cradle cap? The one thing the gas lotion fixes. Slap it on, glue your fine blonde hairs to your head with all this gunky greasy cream. There you go. Now you look like Mama if she doesn’t shower, and your cradle cap has softened into a yellow goo. FIXED.

Giant booger in your nose, girl? We’ll wait until you throw up out of your nose, as that will push it close enough to the edge for me to be able to hook that little fucker with my pinky finger. And when I pull out that rubbery inch long piece of brown snot, I will hoot in pleasure, screaming my victory much like an old man who catches a big fish in the sea. SNOT FIX.

You won’t sleep? Crying? Mama will pick you both up and sort of juggle you around on her lap/tummy, praying to god your head won’t snap back and break your respective necks at any point. She will rock back and forth and ooze positive thoughts in your direction until you slumber. SLEEP FIX.

I FIX IT ALL. I am a pediatrician, and I won’t listen to you if you say I’m not. Now, back to the rash problem…..

People laugh everyday. I mean, you can’t honestly look back at everything that happened today and say that you didn’t snicker the tiniest bit at something you heard, saw, or even thought about…can you?

Have you ever laughed really hard, so hard you probably did pee a little, and then actually thought about what a true joy it is to be able to laugh? Laughing is a way to express the amusement you find out of something someone said or did. Even the smallest chuckle shows what appreciation you have towards the person or thing that helped take your mind off of other things around you.

So, thank you, to everyone that made me laugh today. I needed it, even if you don’t realize it.

[fossiledsecrets]

So. Three things.

1. Coconut’s poop switched to smelling like butter flavoured microwave popcorn about a week ago, and now Snort’s smells that way too. I love it.

2. In the middle of the night last night, Snort was manipulating his tongue and practicing new sounds. He said ‘Hello’ as clear as day and it was freaky!

3. Snort’s face is all messed up and oozing. Think it is infected exzema. We have antibiotic cream, but doesn’t seem to be working. TMD taking him to the doctor this evening. Cross your fingers for him, and for me – my heart can’t handle anxiety, apparently. I am all nervy about this!

Allow me my tiny moments, my tear filled eyes, my swollen heart. As I hold one, look into eyes, giggle at a goofy smile – and the other at my feet, full of sounds and kicks and laughter. I bitched throughout pregnancy. People came here to leave me comments, and more than one person emailed to thank me for not looking at things through rose-coloured glasses.

I, too, rolled my eyes at all the women who were trying to get pregnant – as we cheered each other on, they did it with blinkie signature files and I did it with telling people how my wife stuck pessaries up my vadge. As I tumbled through pregnancy, I wrote about not being able to walk, about throwing up in the bathtub, and, yes, about the tiny sweet kicks that rapidly turned into thunderous wrestling matches in my stomach.

I told the truth then, unvarnished, so you can trust that I tell it now.

Motherhood is so sweet that sometimes I am filled up, up, up with adoration for my children, for myself, for my wife. I sing to them and am amazed to feel wetness trickling down my cheeks. We hold whispered conversations, we are a daytime team of three, we can conquer the world.

Sometimes I am so tired I can barely pick my feet up. There have been two occasions when I have sobbed uncontrollably and felt like I couldn’t take it anymore. But the real seed of truth in the middle of it all? I often have an uneasy feeling, a wondering where all the terrible days are. As I read twin blog after twin blog, I read of women sobbing on the floor, sitting between their two babies, not sure who to help or how.

Me? I feel like the motherfucking baby CHAMPION, a woman so capable and strong in this new way, this fulfilling way, this way where I am talking back and forth to these two little people. She with her face that lights up, that tightens and tenses her whole body in a tall sort of happiness, her funny chewing face and sometimes solemn eyes. He with his conspiratorial glances at me, his wide mouthed and uneven smile, his laugh so powerful he surprises me every time.

We are getting the hang of it, and sometimes it’s lather-rinse-repeat of the same tasks over and over, but more and more it becomes a joy, a moment I want to live deeply in, a time I can already feel slipping away and so I concentrate on remembering every instant. Really paying attention to what it feels like to have her sleep with her right arm tucked around my back. Loving every time I change his diaper and he chats chats chats until we are both filled up with new thoughts and ways to be.

I cheer her on as she holds onto a toy and gnaws its face. I apologise to him for the ridiculous scratch mitts that are back in the game, as his poor face oozes and reddens. They reward me with their patience, their independence, their sweet baby snuggles and wide eyes as they watch the trees bend and sway in the wind.

For them, I walked this evening on my own to the doctor’s office, my legs still so weak and sore from months of being unable to walk. I almost gave up and came home, and then I kept going because I want to take them on long walks, I want to stomp in crispy leaves with them. I want to watch him feed the horses. I want to lift her up and point out the trains whizzing past.

I don’t need to look at my mornings through rose coloured glasses, because life is just rosy. I have a daughter who looks so happy and amazed just to be awake, just to be hanging out with me in our home. I have a son gulping his bottle, sitting on my leg, so strong, busy looking at everything. I know their rhythms, their likes, what it means when they move their faces just so.

Motherhood makes me feel like I am the first woman to have done this, the only one to really understand what it means. Motherhood makes me deepen myself, makes me feel a fierce love and determination to create a life for these two little people to unfold in their own ways, at their own pace, in their own directions. I want to be there in the background, my arms and heart ready to catch them when they need it, but giving them the space and freedom to make mistakes and try new things and be their own selves.

I want nothing more than this cycle of life to carry on, to continue, to grow older as I watch them grow up.  I’ve been thinking of my grandma a lot lately. How she held my mother, how my mother held me. Here we are altogether, linked by this business of being alive, of doing things that are no different than what has happened for thousands of years for billions of women.

But in here, in my heart, in this house, it is our little team of three that laugh together, that experiment with what it means to have a brother, a sister, a mother, two children. We smile when TMD comes home, their eyes widen and bodies jerk when the post comes, the cat streaks to the door on both occasions. I sing them Christmas songs, we dance to rap music, I curl up with one or the other and we read. I take naps with little baby bodies held close, their heads turned in toward my heart. I touch her smooth, soft cheeks. I rub lotion again and again into his funny chapped skin, loving that he loves that so much. We live in a world of touch, of taste, of kisses and space.

Sometimes we all do our own thing, in our own ways. Other times the three of us look at each other, burble, talk, smile. They look at each other when the other one is not looking, and sometimes they get a little worried and look at me to make sure everything is okay.

And it is.

Better than okay.

Over and over and over again, we get repeats and do-overs and try agains. Through it all, I feel this time, this babyhood, as something so painfully sweet and slippery. Every day they grow up and into themselves more, and I find myself thinking of them as teenagers – and then I yank my attention back to right here, right now, because where else would I rather be?

It’s a bug that lives in your nose and it’s hard to pull out like a regular booger, it sticks to the inside of your nostrils and may stay there for ever. It’s called boog-mesis and comes from a beautiful orange-blue flower that is most common in Queensland and South Australia. The flower exudes alluring aromas that make people think it’s harmless. Even the slightest whiff can be enough to welcome the tiny bugs in your nose. To recover from boog-mesis, you’ll have to take nasal spray every day for a month before intense sneezing subsides and even then healing may not be complete as the bugs can fester in your nose for months. Be careful during spring and summer. Mesis!

http://www.thinkaloo.com

Happy three month old birthday! It’s taken a lot of booby and bottle, but you are so big!

(Snort = 14 lb 4.5, Coconut = 13 lb 2.5)

 1. Introduction:

New image in the hand sign photoshop contest

source and my pictures
spelling in Amslan
(American Sigh Language)
…
Giggle Snort photoshop picture

No snort, No smoke, No injection.

That is my motto with drugs. Thought I have never done any drugs my self, what is stopping me from doing a type of drug that doesn’t fall into one of the categories above?

Would I react the same way towards a happy brownie the same way I would react to a fat joint? I personally don’t think I would. Alcohol is a drug, and I’ve drank it. Why is it that I would put alcohol into my body and not those other drugs? I think what it comes down to is, why is the reason I don’t do the typical drugs? I understand that it is a poison to the body, yes so is alcohol. And it is a hallucinogen, but alcohol is kind that too. The reason I don’t see myself doing those other drugs is because I cannot see myself smoking, snorting or injecting.

When I here about mushrooms, I understand that it is a drug, but I don’t see it as bad as the other kind. Maybe it is, but in my mentality it’s different. While others see drugs as bad because it may ruin people’s lives and such, I see it as a gross action. But there are some drugs that are eaten or drank.

I’m just scared that this state of thought will cause me to eat or drink some illegal drug that might fuck me up. But I guess I won’t know how I would react/respond until I am actually in the situation.

So the last few months have been really hectic, and I fear it’s just the beginning.

I’ve been setting up RSA Envision for central logging for PCI customers and security event management. I’ve managed to get several devices set up, and also created some correlated alerts and edited(read fixed) a few of the default ones RSA provided. I also feel I helped spur a fix in the event source update for Snare for Windows as it wasn’t accurately defining those logs, nor snort logs for that matter.

A month later, and all is well. I’ve also managed to create a UDS for Intersect Alliance’s Epilog for Windows, and it’s working magnificently to track brute force attacks against our windows servers using VShell. Originally, it would give me the windows logon failure through our Snare reporting but the IP address information associated with the attack source was locked away in the VShell log. Now all of it is accessible within Envision. I’m currently working on getting Envision integrated with our ticketing system so that when tasks are generated a ticket is automagically created with the task. My only complaint is that in doing Task reports I do not have a column with the external ticket reference available. I am hoping this will be added, as of right now the only way to access it for reporting purposes is to parse it externally from the xml file generated for the task at creation, as it does not appear to be in the database.

I’m collaborating with a few of the technicians I was fortunate to meet during my 4 days of training at EMC2 to share and explore as much as we can together and get each of our systems working as efficiently as possible. I am very thankful for the training, although the first 3 days weren’t as involved as I would have liked them to be. It consisted mainly of “do this, now this, and this is the result.” rather than a case scenario where you are required to analyze and determine the next course of action using Envision as your gateway into the event. The UDS training was very much a case study scenario which helped quite a bit.

Another little nasty thing about Envision is that it counts all logs towards your EPS. So regardless if a log line is just informational or insignificant, it’s still going to take away from your EPS limit. So if you plan on using Envision mainly as a security centric tool, you’ll want to really revamp your logging structure. For instance have all informational/debugging level cisco logs sent to a strictly logging server for troubleshooting purposes, and all of your severe, critical, and alert level logs sent to Envision. This would cut down the EPS that are generated at log level 7. You could also scale down the logging level, but that’s not an acceptable security practice in my opinion. For central log management, omitting logs is simply unacceptable either.

I’m sure in time I’ll be finding more ways to make this tool work for me.

En este post se detalla la forma de instalar un sistema de detección de intrusos SNORT en Ubuntu, luego de haber configurado el servidor web seguro.

Paso 1: Obtener privilegios de Súper-usuario

El primer paso es contar con privilegios de súper-usuario. Esto se logra mediante el comando:

 ----->sudo su –

Paso 2: Instalar algunos paquetes

EL siguiente comando instalará varios de los paquetes necesarios para que SNORT y BASE funcionen correctamente.

----->apt-get install libpcap0.8-dev libmysqlclient15-dev mysql-client-5.0 mysql-server-5.0 bison flex
      libapache2-mod-php5 php5-gd php5-mysql libphp-adodb php-pear libc6-dev g++ gcc pcregrep libpcre3-dev

Durante la instalación se harán algunas preguntas como si desea configurar una base de datos a la que snort-mysql enviará registros? A esto respondemos que no, pues la base de datos la configuraremos manualmente después.

Se debe ingresar una contraseña para el usuario root de mysql.

Se debe confirmar dicha contraseña:

Luego se debe esperar a que se instalen los paquetes restantes.

Paso 3: Descargar y compilar SNORT.

Una vez terminada la instalación de paquetes necesarios, se debe descargar la última versión de SNORT (2.8.5.1) y las reglas (snortrules-snapshot-CURRENT).     

Éstas las podemos encontrar en la página web de SNORT : http://www.snort.org/downloads. Para descargar las reglas debemos contar con una cuenta, por lo que la descarga de las reglas es mejor hacerla mediante el gestor de descargas del navegador.

Debemos ubicarnos en el directorio /usr/src/

 La instrucción para la descarga de SNORT es

  ----> wget http://dl.snort.org/snort-current/snort-2.8.5.1.tar.gz

   A continuación se deben desempaquetar y compilar dichos archivos mediante las siguientes instrucciones:

   Estas operaciones pueden tardar unos minutos.

   Luego se deben compilar mediante:

   En caso de no tener instalado make, se puede instalar mediante el comando

     ---->apt-get install make
 
   En este punto se debe configurar SNORT. Para ello podemos ejecutar los siguientes comandos:

  ----> mkdir /etc/snort /etc/snort/rules /var/log/snort
  ----> cd /usr/src/snort-2.8.5.1/etc
  ----> cp * /etc/snort/
  ----> cd ../rules
  ----> cp * /etc/snort/rules

    En los comandos anteriores se crean las carpetas necesarias para la configuración de SNORT y se copian los archivos y las reglas
    a las carpetas correspondientes.


    Se debe abrir el archivo snort.conf ubicado en /etc/snort/snort.conf para modificar la ruta donde SNORT encontrará las reglas, 
    cambiando "var RULE_PATH ../rules" a "var RULE_PATH /etc/snort/rules"


    También se debe configurar en SNORT la base de datos necesaria. 
    Para esto se descomenta la línea # output database: log, mysql, user="...

    Y se reemplazan por los valores: "User=snort", "password=snort", "dbname=snort". Estos valores se deben tener presentes

    a la hora de configurar la base de datos. Una vez hecho esto se debe guardar el archivo y cerrarlo.    

  Paso 4: Configurar MySQL

Para configurar MySQL se necesita tener permisos de súper-usuario, lo cual se logra así;

   Y debemos ingresar la contraseña para el usuario root de la base de datos. Ahora debemos crear la base de datos   que  se  configuraron en SNORT. (usuario, password y nombre de la base de datos).

   Ya hemos creado la base de datos pero no hay tablas en ella, así que podemos usar el schema de SNORT:

   Si todo está bien configurado podrá ver un cerdo hecho en caracteres ASCII en la pantalla de la consola, la cual se

   queda congelada.

     Para recuperar la consola presione Ctrl+c. Así concluye la instalación y configuración de SNORT.

BASE (Basic Analysis and Security Engine) es una interfaz web que permite ver las amenazas y ataques que se intentan hacer a nuestro servidor web. En este post se describe la forma de instalarlo una ves tenemos listo el servidor y se ha configurado SNORT correctamente.
 

     Paso 1: Descarga.
 

El primer paso es descargar la última versión de SNORT. En este caso la última versión es la 1.4.4. Podemos descargarla mediante el navegador desde la página:
 

O en la terminal digitamos: 

—-> wget http://easynews.dl.sourceforge.net/sourceforge/secureideas/base-1.3.9.tar.gz 

Este archivo se debe ubicar en el directorio raíz donde se tiene el sitio, en mi caso /var/www/ 

     Paso 2: Descomprimir el archivo

Ahora es necesario descomprimir el archivo y asignarle permisos especiales al directorio, así:
—-> cd /var/www/
—-> tar zxvf ~/base-1.4.4.tar.gz
—-> chmod 757 base-1.4.4

     Paso 3: Activar módulos
 

Se deben activar algunos módulos que base necesita para funcionar. Si no se cuenta con pear, o si la versión es más antigua que la necesaria, se puede actualizar mediante: 

—->pear upgrade –alldeps-pear 

Luego:

—-> pear install Image_Color

—-> pear install Image_Canvas-alpha 

—-> pear install Image_Graph-alpha

—-> pear install mail

—-> pear install Mail_Mime

     Paso 4: Configuración de BASE
 

Ahora debemos configurar BASE abriendo el navegador y digitando http://YOUR.IP.ADDRESS/base-1.4.49/setup, que en mi caso sería
 http://velasquez.seguridad.net/base-1.4.4/setup

Se visualizará una pantalla inicial de BASE en donde se podrá seleccionar el lenguaje. Se debe hacer click en continuar.

      Paso 4.1:

Se debe ingresar la ruta para ADODB.   ADODB es un conjunto de librerías de bases de datos para PHP. La dirección que se debe ingresar allí es:

/usr/share/php/adodb.
 

     Paso 4.2: Introducir criterios de la base de datos.
 

Se debe seleccionar en el tipo de Base de datos la opción MySQL, digitar el nombre de la base de datos, que n mi caso se llama “snort” digitar el Database Host como “localhost”, y el nombre de usuario y contraseña de ese usuario para SNORT, que en mi caso son “snort” y “snort” respectivamente. Luego debemos hacer click en el botón para enviar los datos.
 

     Paso 4.3: ¿Autenticación?

Se presenta una pantalla donde se pregunta si desea control de autenticación a BASE. En mi caso lo dejé sin autenticación. Si este es el caso se debe hacer click en el botón de enviar, pero si desea más seguridad puede fortalecerla ingresando un nombre de usuaro y una contraseña y luego marcando la opción de manejo de autenticación.
 

      Paso 4.4: Crear configuraciones automáticas
 

Se debe hacer click en el botón de Create BASE AG.
Luego de esto en la parte inferior aparecerá un botón que dirá Now continue to step 5. Se debe hacer click ahí. 

     Paso 5: Click en Main Page.
 

Se recomienda marcar esta página en el browser.
 

Ahora hemos configurado BASE pero no es accesible desde https://localhost/velasquez.  Para hacer cabiamos el nombre de la carpeta  /var/www/base-1.4.4 a  /var/www/velasquez.

Tambien debemos abrir el archivo base_conf.php y modificar las líneas:

$BASE_urlpath = ‘/velasquez’;
$DBlib_path = ‘/usr/share/php/adodb’;
$alert_dbname   = ’snort’;
$alert_password = ’snort’; 
Luego se deben cambiar de nuevo los permisos al directorio de BASE, para ello digitamos en la consola:
 

—> chmod 755 /var/www/velasquez
 

     Paso 6: Probar BASE

Para probar el funcionamiento de BASE debemos iniciar desde la terminal el SNORT: 

—-> snort -c /etc/snort/snort.conf -i eth2 –D

En mi caso la interfaz de red se llama eth2, así que esto es un parámetro que debe cambiar dependiendo de cómo se llame la interfaz. 

Esta línea se puede añadir al archivo /etc/rc.local si se quiere iniciar SNORT cada que se inicie la máquina. 

Para saber si el SNORT está corriendo se debe digitar en la terminal:
 

—-> ps aux | grep snort 

Y debe aparecer una línea que dice :

—-> snort -c /etc/snort/snort.conf -i eth0 -D

Ahora abrimos BASE en el navegador y nos fijamos en el número de alertas o entradas a la base de datos.

—-> nmap -sU localhost -T5
—-> nmap -PU localhost
—-> nmap -sT localhost
—-> nmap -PU localhost
—-> nmap -sO localhost
—-> nmap -sF localhost

   Si no se tiene nmap se puede instalar mediante:

—-> Apt-get install nmap  

Ahora volvemos a la página de BASE, digitando https://localhost/velasquez y se puede apreciar las detecciones de ataques. BASE ofrece una interfaz sencilla y completa para la visualización de estas alertas, ya sea en lista o una por una. Se pueden crear reglas personalizadas para la detección de ataques específicos, incluyéndolas en el archivo local.rules.
 

   Con esto ha quedado configurado BASE !

TMD is disturbed by how cute I think pouty or sad photos are. Is she right? Am I weird?

Hi all, today we will be see how to understand the output from SNORT Intrusion Detection Systems. I believe SNORT to be one of the best open source IDS/IPS created till yet and a lot of other commercial IDS/IPS would have SNORT working as its core. So, without further due lets get cracking.

Introduction

Network intrusion detection systems (NIDS) provide a layer of defense that monitors network traffic for predefined suspicious activity or patterns, and alerts system administrators when potential hostile traffic is detected.

Snort is a library-based packet sniffer and logger that can be used as a “lightweight” network intrusion detection system (NIDS). Features include rule based logging to perform content pattern matching and detect a variety of attacks and probes, such as buffer overflows, stealth port scans, SMB probes, and much more. Snort has real-time alerting capability, and can be programmed to store in an alert file or use the Server Message Block to open a popup window to alert the admin. Snort can be configured using command line switches or Berkeley Packet Filter commands. The detection engine is programmed to perform per packet tests and actions.

Snort can also be deployed rapidly to fill potential holes in a network’s security coverage, such as when a new attack emerges and commercial security vendors are slow to release new attack recognition signatures. Snort is a tool for small, lightly utilized networks. Snort is useful when it is not cost efficient to deploy commercial NIDS sensors.

Snort consists of the following major components:

• Packet Decoder: decodes incoming packets from different interfaces
• Preprocessors: components or plug-ins that can be used to arrange or modify data packets before the detection engine detect malicious activity.
• Detection Engine: detects intrusion activity exists in a packet by employing rules.
• Logging and Alerting System: decides what step must be taken with the output from the detection engine, log the anomalies or generate an alert.
• Output Modules: provides an easy-to-understand layout of the snort data from the log files of the generated alert, depending on the option selected by the admin.
• This article analysis a part of snort logs and tries to attain valuable information from the logs so as to understand what exactly was going on during their creation. For more information visit this link – Complete Snort-based IDS Architecture – Part One, Part Two

I will be going through a sample snort output and we will go through each and every detail of it and help identify the attack, victim machine, attackers machine, and other details. After this exercise you will have a better understanding of SNORT and how to analyze its alerts/output.

Sample Data

[root@linux-server root]# snort -dvi eth0
Version 2.0.0 (Build 72)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
10/29-11:08:19.902840 192.168.246.12:1025 -> 128.8.10.90:53
UDP TTL:64 TOS:0×0 ID:0 IpLen:20 DgmLen:73 DF
Len: 45
AA E2 00 00 00 01 00 00 00 00 00 00 02 33 37 03 ………….37.
32 34 36 03 31 36 38 03 31 39 32 07 69 6E 2D 61 246.168.192.in-a
64 64 72 04 61 72 70 61 00 00 0C 00 01 ddr.arpa…..                 Packet 1
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/29-11:08:20.852840 192.168.246.12 -> 192.168.246.37
ICMP TTL:255 TOS:0×0 ID:13170 IpLen:20 DgmLen:40
Type:13 Code:0 ID: 25124 Seq: 0 TIMESTAMP REQUEST
62 24 00 00 02 63 E3 FD 00 00 00 00 00 00 00 00 b$…c……….     Packet 2
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/29-11:08:20.852840 192.168.246.37 -> 192.168.246.12
ICMP TTL:128 TOS:0×0 ID:17878 IpLen:20 DgmLen:40
Type:14 Code:0 ID: 25124 Seq: 0 TIMESTAMP REPLY:
Orig: 4259537666 Rtime: 40100906 Ttime: 40100906
62 24 00 00 02 63 E3 FD 2A E4 63 02 2A E4 63 02 b$…c..*.c.*.c.     Packet 3
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/29-11:08:21.852840 192.168.246.12 -> 192.168.246.37
ICMP TTL:255 TOS:0×0 ID:13170 IpLen:20 DgmLen:40
Type:13 Code:0 ID: 25124 Seq: 256 TIMESTAMP REQUEST
62 24 01 00 02 63 E7 DF 00 00 00 00 00 00 00 00 b$…c……….     Packet 4
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/29-11:08:21.852840 192.168.246.37 -> 192.168.246.12
ICMP TTL:128 TOS:0×0 ID:17879 IpLen:20 DgmLen:40
Type:14 Code:0 ID: 25124 Seq: 256 TIMESTAMP REPLY:
Orig: 3756483330 Rtime: 40101890 Ttime: 40101890
62 24 01 00 02 63 E7 DF 02 E8 63 02 02 E8 63 02 b$…c….c…c.     Packet 5
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Analysis

The data from SNORT looks so confusing now. You must be pondering what is going on and how exactly am I gonna make sense of al this data, let alone determine the attack, if any.
Well dont worry. Let us now tear it apart into bits and pieces of valuable information.

Here is how,

Consider Packet 1 as Part A

[root@linux-server root]# snort -dvi eth0
Version 2.0.0 (Build 72)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
10/29-11:08:19.902840 192.168.246.12:1025 -> 128.8.10.90:53
UDP TTL:64 TOS:0×0 ID:0 IpLen:20 DgmLen:73 DF
Len: 45
AA E2 00 00 00 01 00 00 00 00 00 00 02 33 37 03 ………….37.
32 34 36 03 31 36 38 03 31 39 32 07 69 6E 2D 61 246.168.192.in-a
64 64 72 04 61 72 70 61 00 00 0C 00 01 ddr.arpa….. Packet 1
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


When we analyse Part A, [root@linux-server root] imply that the source machine is running UNIX based OS. The Time To Live or TTL value is set to 64. This occurs only if the OS is running either UNIX based or BSD based OS because, both these OS assign value 64 as default TTL value to their packets. Next, snort -dvi eth0 imply that the source machine has initiated Snort in a sniffer mode to capture all packets being carried through the interface eth0.


The logs reveal that the packet is an UDP packet, sent on the 29^th Oct at 11:08 am. The source IP address is: 192.168.246.12 and the source port: 1025, which is usually used for network blackjack. The destination IP address is: 128.8.10.90 and the destination port: 53, which is used for Domain Name System. Hence, it suggests that the packet is part of a DNS query.

More information is acquired from Part A. The ASCII dump tells us in-addr.arpa was contacted by the packet.

The in-addr.arpa Domain


The in-addr.arpa domain is used to convert 32-bit numeric IP addresses back into domain names. Arpa stands for Address Routing and Parameter Area. The Internet uses a special domain to support gateway location and Internet address to host mapping. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network in the Internet. Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition to the IN-ADDR.ARPA suffix. The address is displayed in reverse, e.g. the address 10.2.0.52 is located at domain name 52.0.2.10.IN-ADDR.ARPA.

Hence, we can conclude that this packet is a part of a DNS query from the source address to in-addr.arpa. The above packet also has a high probability of being a part of an Attempted Information Leak (DNS named version attempt), by attempting to map the network address using in-addr.arpa.

Consider Packet 2 & 4 as PART B

10/29-11:08:20.852840 192.168.246.12 -> 192.168.246.37
ICMP TTL:255 TOS:0×0 ID:13170 IpLen:20 DgmLen:40
Type:13 Code:0 ID: 25124 Seq: 0 TIMESTAMP REQUEST
62 24 00 00 02 63 E3 FD 00 00 00 00 00 00 00 00 b$…c……….     Packet 2
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/29-11:08:21.852840 192.168.246.12 -> 192.168.246.37
ICMP TTL:255 TOS:0×0 ID:13170 IpLen:20 DgmLen:40
Type:13 Code:0 ID: 25124 Seq: 256 TIMESTAMP REQUEST
62 24 01 00 02 63 E7 DF 00 00 00 00 00 00 00 00 b$…c……….     Packet 4
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


Since, packet 2 and packet 4 are ICMP Timestamp requests we will analyze them together. From the above packets, the source IP address is 192.168.246.12 while the destination IP address is 192.168.246.37.


Internet Control Message Protocol (ICMP)


The main job of an ICMP packet is to send error messages for non-transient error conditions and aid in query the network to determine general characteristics of the network. It provides a feedback about problems in the communication environment.

IP provides the basic support for ICMP but in reality, ICMP is an integral part of IP. ICMP is a relatively simple protocol, but it can be altered to act as a medium for evil purpose. Such evil purposes include

1. Reconnaissance
2. Denial of Service
3. Covert Channel

From the type of data being transmitted, we can assume that the ICMP packet is being used for
Reconnaissance, to be more precise, OS fingerprinting. The ICMP Time Stamp Request/Reply pair allows a host to query another for the current time. This allows a sender to determine the amount of latency that a particular network is experiencing.

Now let’s take a closer look at an ICMP Timestamp Request packet.

ICMP Timestamp Request


Packet format:

Fig 1.1: ICMP Timestamp Packet

 

Type: 8 bits. During a Timestamp Request, Type is set to 13 and during Reply it is 14.
Code: 8 bits. Always set to 0.
ICMP Header Checksum: 16 bits.
Identifier: 16 bits.
If code is zero then an identifier is used to help match timestamp requests to the associated reply. It may be set to zero.
Sequence number: 16 bits.
If code is zero then a sequence number is used to help match timestamp requests to the associated reply. It may be set to zero.
Originate timestamp: 32 bits.
Receive timestamp: 32 bits.
Transmit timestamp: 32 bits.
The Originate Timestamp is the time just before it sent the message, Receive Timestamp is the time the echoer just opened the message on receipt, and the Transmit Timestamp is the time just before the echoer sent the message back.

The TTL value of the packets confirms that the system sending the ICMP Timestamp request is running on either BSD based OS like FreeBSD 4.0/3.4, OpenBSD 2.7/2.6, Solaris 2.5.1/2.6/2.7/2.8 because the value of IP TTL= 255. On a closer check of the packets reveals the tool used for ICMP Timestamp ping. SING is the tool that is used to send the ICMP packets. This is revealed by ID: 13170 that is native to SING. The following describes more about SING.

SING: SING or Send ICMP Nasty Garbage is a little tool that sends ICMP packets fully customized from command line. The main purpose is to replace ping command with certain enhancements:

1. Send fragmented packets (Linux and BSD).
2. Send monster packets
3. Send/read spoofed packets
4. Send many ICMP Information types in addition to the ECHO REQUEST type sent by default as Address Mask Request, Timestamp, and Information Request.
5. Router Solicitation and Router Advertisement
6. Send many ICMP error types: Redirect, Source Quench, Time Exceeded, Destination Unreach and Parameter Problem.
7. Send to host with Loose or Strict Source Routing.
8. Use little fingerprinting techniques to discover Windows or Solaris boxes.
9. Send ICMP packets emulating certain OS: Cisco, Solaris, Linux, UNIX and Windows at the moment.

Consider Packet 3 & 5 as PART C

10/29-11:08:20.852840 192.168.246.37 -> 192.168.246.12
ICMP TTL:128 TOS:0×0 ID:17878 IpLen:20 DgmLen:40
Type:14 Code:0 ID: 25124 Seq: 0 TIMESTAMP REPLY:
Orig: 4259537666 Rtime: 40100906 Ttime: 40100906
62 24 00 00 02 63 E3 FD 2A E4 63 02 2A E4 63 02 b$…c..*.c.*.c.     Packet 3
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/29-11:08:21.852840 192.168.246.37 -> 192.168.246.12
ICMP TTL:128 TOS:0×0 ID:17879 IpLen:20 DgmLen:40
Type:14 Code:0 ID: 25124 Seq: 256 TIMESTAMP REPLY:
Orig: 3756483330 Rtime: 40101890 Ttime: 40101890
62 24 01 00 02 63 E7 DF 02 E8 63 02 02 E8 63 02 b$…c….c…c.     Packet 5
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


Now, let us analyze packet 3 and packet 5. These packets are the Timestamp replies to the requests made my packet 2 and packet 4 correspondingly. The source address for the packets is 192.168.246.37 and the destination address is 192.168.246.12. The TTL value of the packets suggests that the destination server is running on Windows platform. Because, UNIX based OS return a TTL value of 255 to an ICMP request while a Windows system replies with 128.

More facts can be found in the packets suggesting that the destination system is indeed running on Windows platform. First of all, the very replying to an ICMP Timestamp request with Code: 0 suggests that the target system is a Windows system and it should be a Windows 2000 machine.

Orig: 4259537666 Rtime: 40100906 Ttime: 40100906 à Packet 3
Orig: 3756483330 Rtime: 40101890 Ttime: 40101890 à Packet 5

The Receive Time and Transmit Time of packet 3 and 5 correspondingly, are similar, suggesting that the source and the destination are on the same machine.

Finally, packet 3 has a packet ID: 17878 while packet 5 has a packet ID: 17879, even though basically they are the same reply commands. This is because Windows increments packet ID by 1 while UNIX or UNIX based OS increment it by 5.

Conclusion

Network Intrusion Detection Systems (NIDS) are becoming more sophisticated and heavy. But they have become strong. Snort on the other hand, which was developed with the sole purpose of being a portable, lightweight NIDS has served its part and is still evolving. The main advantage that Snort has over other commercial NIDS is being Open-Source. Being open-source, allows snort to be handled with a much wider range of people and technicians who later add their own contributions into snort, making it much stronger.

With the successful analysis of the given snort logs, we have reached to the conclusion that:

1. IP address of source machine is 192.168.246.12
2. The first packet is part of DNS query. But with its unusual reverse DNS query, suggests a probable Information Leak attempt (DNS).
3. Packets 2 and 4 are ICMP timestamp request packets.
4. ID: 13170 in the Timestamp Request confirms the source machine is using SING (Send ICMP Nasty Garbage) tool to send the packets.
5. The TTL value of the first packet (DNS query) is set to 64 with the DF bit set, this occurs only if the system is running Linux 2.2.x or FreeBSD.
6. Sequence numbers of packet 2 and 4 have a difference of 256, which suggests that the operating system that the source system is running is either Linux 2.2.x or FreeBSD 4.1.
7. The TTL value of ICMP Timestamp Request is 255, which proves that the source machine is running on FreeBSD 4.1.
8. When we compare packet 3 and packet 5, we can see that the packet ID has shifted by 1. This suggests that the destination system is running on a Windows OS.
9. A TTL: 128 on the Timestamp Reply packets suggest that the destination machine is running Windows 2000.
10. Because both Receive Time and Transmit Time are the same, it suggests that destination source systems are the same. Hence, the destination/source is being run using a Virtual Machine, probably VMware.

The time and date in the logs are the same, strengthening our assumption that both source and destination systems are the same.

I’ve got videos to show you. I know, I know, you are shitting your pants with excitement. I just need to figure out how, exactly, to get them from my camera onto the computer onto this blog. Stay tuned. Until then, a picture I didn’t need to set up. They figured this out all on their own: